CVE-2026-49136

Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generateimage function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete...

PT-2026-29526

Name of the Vulnerable Software and Affected Versions pymanager affected versions not specified Description pymanager included the current working directory in its sys.path, allowing modules in the current working directory to shadow intended packages. If a user runs a pymanager-generated command...

MAL-2026-1496 Malicious code in robloxapi-testy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f0221b6839d8882a9275e177ae71c7bed9cc15a96800e4cead5766c67f0dd042 Installation embeds a malicious PTH file that then during import downloads and executes remote code. During analysis, the remote code was a test starting...

Gradio 安全漏洞

Gradio is an open-source Python library developed by Google. It provides a user-friendly web interface for demonstrating machine learning models. Prior to version 6.7, Gradio had a security vulnerability. This vulnerability stemmed from changes in the definition of os.path.isabs in Python 3.13+,...

CVE-2026-26975

Music Assistant is an open-source media library manager that integrates streaming services with connected speakers. Versions 2.6.3 and below allow unauthenticated network-adjacent attackers to execute arbitrary code on affected installations. The music/playlists/update API allows users to bypass...

PT-2026-20923

Name of the Vulnerable Software and Affected Versions Splunk Enterprise for Windows versions prior to 10.2.0 Splunk Enterprise for Windows versions prior to 10.0.3 Splunk Enterprise for Windows versions prior to 9.4.8 Splunk Enterprise for Windows versions prior to 9.3.9 Splunk Enterprise for...

PT-2026-20924

Splunk Enterprise Windows flaws CVSS 7.7 CVE-2026-20143 & CVE-2026-20140 allow system takeover via DLL and Python search path hijacking. Patch immediately. Splunk CyberSecurity InfoSec WindowsSecurity DLLHijacking LPE PatchNow https://t.co/wudRkJ9tIM...

BIT-PYTHON-2025-6075 Quadratic complexity in os.path.expandvars() with user-controlled template

If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables...

gimp:2.8 security update

gimp 2:2.8.22-26.3 - fix CVE-2025-10920 - fix CVE-2025-10921 - fix CVE-2025-10922 - fix CVE-2025-10923 - fix CVE-2025-10924 - fix CVE-2025-10925 - fix CVE-2025-10934 2:2.8.22-26.2 - fix CVE-2025-5473 RHEL-95696 2:2.8.22-26.1 - fix CVE-2025-48797 RHEL-93503 - fix CVE-2025-48798 RHEL-93506...

Exploit for Uncontrolled Search Path Element in Needrestart_Project Needrestart

CVE-2024-48990-PoC What is needrestart and how does it wor...

Exploit for Uncontrolled Search Path Element in Needrestart_Project Needrestart

CVE-2024-48990 PYTHONPATH Hijack - Privilege Escalation Exploi...

Linux Distros Unpatched Vulnerability : CVE-2023-41105

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at...

BIT-LIBPYTHON-2020-15801

In Python 3.8.4, sys.path restrictions specified in a python38.pth file are ignored, allowing code to be loaded from arbitrary locations. The .pth file e.g., the python.pth file is not affected...

SUSE-SU-2025:20103-1 Security update for avahi

This update for avahi fixes the following issues: - CVE-2024-52616: Properly randomize query id of DNS packets bsc1233420. Bug fixes: - No longer supply bogus services to callbacks bsc1226586. - Tag hardening patches as PATCH-FEATURE-OPENSUSE - Remove dependency on /usr/bin/python3 using...

Astra Linux - уязвимость в needrestart

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable...

SUSE CVE-2024-48990

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable...

DEBIAN-CVE-2024-48990

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable...

USN-7117-1 Several security issues were fixed in needrestart and Module::ScanDeps

Qualys discovered that needrestart passed unsanitized data to a library libmodule-scandeps-perl which expects safe input. A local attacker could possibly use this issue to execute arbitrary code as root. CVE-2024-11003 Qualys discovered that the library libmodule-scandeps-perl incorrectly parsed...

needrestart 权限许可和访问控制问题漏洞

needrestart is a tool by liske personal developer for checking which daemons need to be restarted after an upgrade. A security vulnerability exists in versions prior to needrestart 3.8, which stems from a vulnerability that allows a local attacker to run the Python interpreter by tricking...

Python Exec, Python Execute Command

Execute a Python payload from a command. Execute an arbitrary OS command. Compatible with Python 2.7 and 3.4+. Module Options msf use payload/cmd/windows/python/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf...